[gentoo-commits] repo/gentoo:master commit in: media-video/vlc/, media-video/vlc/files/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Ian Delaney" <idella4@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-video/vlc/, media-video/vlc/files/
Date: Wed, 28 Oct 2015 01:43:10 +0000 (UTC)	[thread overview]
Message-ID: <1445996581.512cacd39f22b2bfde6725f09d0f08ff37e8bbd6.idella4@gentoo> (raw)

commit:     512cacd39f22b2bfde6725f09d0f08ff37e8bbd6
Author:     Ian Delaney <idella4 <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 01:40:00 2015 +0000
Commit:     Ian Delaney <idella4 <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 01:43:01 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=512cacd3

media-video/vlc: revbump -> -2.2.1-r1, sec patch CVE-2015-5949

patch submitted by proxy maintainer via the gentoo bug, also
runtested by Amynka, removed initial vlc-2.2.1.ebuild

Gentoo bug: #558418

Package-Manager: portage-2.2.23

 media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch       | 15 +++++++++++++++
 media-video/vlc/{vlc-2.2.1.ebuild => vlc-2.2.1-r1.ebuild} |  3 +++
 2 files changed, 18 insertions(+)

diff --git a/media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch b/media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch
new file mode 100644
index 0000000..83a5258
--- /dev/null
+++ b/media-video/vlc/files/vlc-2.2.1-CVE-2015-5949.patch
@@ -0,0 +1,15 @@
+https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd
+--- a/modules/demux/mp4/libmp4.c
++++ b/modules/demux/mp4/libmp4.c
+@@ -3643,6 +3643,11 @@ void MP4_BoxFree( stream_t *s, MP4_Box_t *p_box )
+     {
+         for( i_index = 0; ; i_index++ )
+         {
++            if ( MP4_Box_Function[i_index].i_parent &&
++                 p_box->p_father &&
++                 p_box->p_father->i_type != MP4_Box_Function[i_index].i_parent )
++                continue;
++
+             if( ( MP4_Box_Function[i_index].i_type == p_box->i_type )||
+                 ( MP4_Box_Function[i_index].i_type == 0 ) )
+             {

diff --git a/media-video/vlc/vlc-2.2.1.ebuild b/media-video/vlc/vlc-2.2.1-r1.ebuild
similarity index 99%
rename from media-video/vlc/vlc-2.2.1.ebuild
rename to media-video/vlc/vlc-2.2.1-r1.ebuild
index 73ab21a..be3ece4 100644
--- a/media-video/vlc/vlc-2.2.1.ebuild
+++ b/media-video/vlc/vlc-2.2.1-r1.ebuild
@@ -250,6 +250,7 @@ src_prepare() {
 	# We are not in a real git checkout due to the absence of a .git directory.
 	touch src/revision.txt || die
 
+	# PATCHES
 	# Fix build system mistake.
 	epatch "${FILESDIR}"/${PN}-2.1.0-fix-libtremor-libs.patch
 
@@ -271,6 +272,8 @@ src_prepare() {
 	# Add missed header imgproc_c.h, imgproc.hpp, bug #554562
 	epatch "${FILESDIR}"/opencv-3.0.0.patch
 
+	epatch "${FILESDIR}"//${P}-CVE-2015-5949.patch
+
 	# Don't use --started-from-file when not using dbus.
 	if ! use dbus ; then
 		sed -i 's/ --started-from-file//' share/vlc.desktop.in || die

next             reply	other threads:[~2015-10-28  1:43 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-28  1:43 Ian Delaney [this message]
  -- strict thread matches above, loose matches on Subject: below --
2016-02-09  7:41 [gentoo-commits] repo/gentoo:master commit in: media-video/vlc/, media-video/vlc/files/ Lars Wendler
2016-11-26 18:00 Michael Palimaka
2016-11-26 18:00 Michael Palimaka
2017-08-29 19:40 Andreas Sturmlechner
2017-12-09 13:52 Andreas Sturmlechner
2018-03-18 20:21 Andreas Sturmlechner
2018-11-08 12:29 Andreas Sturmlechner
2019-02-24 18:01 Andreas Sturmlechner
2019-02-27 22:20 Thomas Raschbacher
2019-03-10  9:34 Andreas Sturmlechner
2019-08-01 15:34 Andreas Sturmlechner
2021-04-23  8:09 Sergei Trofimovich
2021-06-22 18:43 Sam James
2021-08-31 19:06 Pacho Ramos
2021-11-07 15:41 Andreas Sturmlechner
2023-05-13 22:52 Sam James
2023-05-27  2:17 Sam James
2024-03-17  4:02 Sam James
2024-07-03 14:26 Ben Kohler
2024-10-04 17:37 Andreas Sturmlechner
2025-01-08  8:22 Sam James
2025-01-15 20:31 Andreas Sturmlechner
2025-02-12 22:43 Andreas Sturmlechner
2025-03-21 22:43 Andreas Sturmlechner

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:83a5258 dfblob:73ab21a dfblob:be3ece4 )
 OR (
bs:"[gentoo-commits] repo/gentoo:master commit in: media-video/vlc/, media-video/vlc/files/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1445996581.512cacd39f22b2bfde6725f09d0f08ff37e8bbd6.idella4@gentoo \
    --to=idella4@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox